RE: Remote Desktop vs VPN on Windows 2003

From: Paris E. Stone (pstone_at_alhurra.com)
Date: 01/19/05

  • Next message: Ansgar -59cobalt- Wiechers: "Re: Remote Desktop vs VPN on Windows 2003" 
    Date: Wed, 19 Jan 2005 11:45:27 -0500
To: "Roger A. Grimes" <roger@banneretcs.com>, "Ansgar -59cobalt- Wiechers" <bugtraq@planetcobalt.net>, <security-basics@securityfocus.com>

    So this box you offered up, is in fact hosted by Cox, on a cable
    segment, and also receives mail for your domain.

    Man, you are crazy! "Come hack at my mail server."

    Seriously, what other security measures are in place? Because you
    opened the door, and have insecure services on the internet, and it is a
    box that you get your mail at.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Nice banner changeup too.

    telnet mail.banneretcs.com 25 yields:

    220 Microsoft FTP Services 6.0223
    ehlo
    501 Syntax: EHLO hostname
    helo
    501 Syntax: HELO hostname

    So the SMTP port says it is FTP, but answers to SMTP commands.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Nslookup output below.

    N:\>nslookup
    Default Server: ##############
    Address: ###########

    > set q=any
    > banneretcs.com
    Server: #############
    Address: #############

    Non-authoritative answer:
    banneretcs.com nameserver = ns1.coxmail.com
    banneretcs.com nameserver = ns2.coxmail.com
    > set q=mx
    > banneretcs.com
    Server: ############
    Address: #############

    Non-authoritative answer:
    banneretcs.com MX preference = 10, mail exchanger = mail.banneretcs.com
    > set q=a
    > mail.banneretcs.com
    Server: ##########
    Address: ##########

    Non-authoritative answer:
    Name: banneretcs.com
    Address: 68.106.158.136
    Aliases: mail.banneretcs.com

    > banneretcs.com
    Server: #############
    Address: #############

    Non-authoritative answer:
    Name: banneretcs.com
    Address: 68.106.158.136

    >

    -----Original Message-----
    From: Roger A. Grimes [mailto:roger@banneretcs.com]
    Sent: Tuesday, January 18, 2005 10:02 PM
    To: Paris E. Stone; Ansgar -59cobalt- Wiechers;
    security-basics@securityfocus.com
    Subject: RE: Remote Desktop vs VPN on Windows 2003

    I appreciate what you are both saying...but security is always a trade
    off of security vs. usability.

    RDP does not have a known vulnerability against it...you mention
    RC4...but again...until I hear that RDP is exploitable again, it's a
    great tool for me to use. If I'm running a NASA server or something top
    secret, I might need a more secure tool...but I'm pretty sure I'm not
    going to be running SSH either.

    If I need high security, I can also require the use of a smart card to
    use RDP.

    Also, if my background is strong Windows and weak on Unix and
    Unix-ported tools...why not stay with secure Windows tool?

    I love using open source and Unix-ported tools...but if the Windows tool
    can do the same or better job, why not use the free tools in the system?

    -----Original Message-----
    From: Paris E. Stone [mailto:pstone@alhurra.com]
    Sent: Tuesday, January 18, 2005 3:30 PM
    To: Ansgar -59cobalt- Wiechers; security-basics@securityfocus.com
    Subject: RE: Remote Desktop vs VPN on Windows 2003

    As was my original post, avoid naked RDP on the internet at all costs.

    Secure it with other means.

    -----Original Message-----
    From: Ansgar -59cobalt- Wiechers [mailto:bugtraq@planetcobalt.net]
    Sent: Tuesday, January 18, 2005 9:01 AM
    To: security-basics@securityfocus.com
    Subject: Re: Remote Desktop vs VPN on Windows 2003

    On 2005-01-17 Roger A. Grimes wrote:
    > I don't think RC4, by itself is weak...it's specific implementations
    > of RC4 (like in WEP).

    No. It's an algorithm problem, not an implementation problem.

    > Yes, RDP did have an RC4 vulnerability in 2002, but it was patched.
    > SSH had an RC4 vulnerability just a few months before RDP did (in
    > 2001). Both are patched now.

    The "patch" for SSH was to completely remove RC4 support. I don't think
    RDP was patched the same way (but I would welcome anyone to prove me
    wrong here).

    > SSH seems to get hacked at least once a year.

    True. But that's because of implementation problems, not because of
    problems with the underlying encryption algorithms. Implementation
    problems can be (more or less) easily patched.

    [...]
    > RDP is free (for W2K and above),

    Well, it's not really free, but I think I know what you mean.

    > remote client can be nearly anything (especiallly with RDP ActiveX
    > control),

    Requiring IE which one usually wants to avoid.

    > its encrypted,

    Using a weak algorithm.

    > fast, has kick *** Edit-Copy, Edit-Paste features, remote printing
    > (not so hot), drive mapping, etc.

    True.

    > RDP is arguably running on more Windows enterprise servers than any
    > alternative but SSH (and maybe PC Anywhere), and it has not had a
    > public exploit demonstrated since 2002. I'd say it is a strong
    > candidate for consideration.

    Please re-read my post. I was not suggesting to avoid RDP, but to tunnel
    RDP connections through e.g. SSH, which can be easily done. That way you
    have RDP *and* strong encryption.

    Regards
    Ansgar Wiechers 

    --
"Those who would give up liberty for a little temporary safety deserve
neither liberty nor safety, and will lose both."
--Benjamin Franklin
  • Next message: Ansgar -59cobalt- Wiechers: "Re: Remote Desktop vs VPN on Windows 2003"